Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Public IP in DMZ on ASA5510 :: Bridging ?

Hi Folks,

So I have a new 5510 which I have upgraded to 8.4(3). I have a /29 subnet from the telco on my outside interface. I have 6 subinterfaces on a dot1Q trunk on my inside interface. The customer requirement is to have two servers in a DMZ which have public IP's from the /29 subnet. The customer will not give the servers a new IP address so we are stuck with the two public IPs in the DMZ. I thought I would need a bridge group and bridge the outside, two DMZ interfaces but I read that bridging requires the firewall to be in transparent mode and then it won't support VPNs - this is not an option as I need to terminate VPNs on the box too.

My question is - how can I accomodate the two servers in the DMZ with public IPs whilst the ASA is in routed mode ?

Thanks

Paul.

Everyone's tags (6)
1 REPLY
Cisco Employee

Public IP in DMZ on ASA5510 :: Bridging ?

Paul,

Since the Range that you have is already assigned on the outside interface, I dont see a feasible way to accomplish this. Basically NAT will be one, but I guess your customer is clear that he doesnt want to do that, another would be asking for an additional pool to be routed to the ASA firewall and then create some sort of a public interface on the ASA firewall besides the outside that you already have.

Mike

Mike
503
Views
0
Helpful
1
Replies
CreatePlease to create content